Hard, cold IT security truths from SANS at RSA 2011

One of the last sessions of RSA Conference 2011 in San Francisco was one of the best, in which the SANS institute ran through some hard, cold truths.

End-to-end encryption is not a panacea for data breaches, said Ed Skoudis, founder of InGuardians consultancy, author, and lecturer at the SANS institute.

Many so-called end-to-end encryption solutions, it turns out, decrypt data for processing in applications. Attackers know this and so are going after the data while it is in clear text in memory. Virtualisation is no fix either, as the attackers are also able to capture whatever is in virtual memory too.

IPV6 also turns out to be a major point of vulnerability, mainly because most organisations do no realise that it is enabled by default on their systems, and they are consequently not doing anything to monitor for exploits or malware.

Businesses should shut down IPV6 throughout the newtwork until they are more familiar with it, have a real need for it and a plan to roll it out, and have some defences in place, said Johannes Ullrich, head of the SANS Internet Storm Center.

Preparation for IPV6 will take most big corporations about a year, he said, so they should get started and get educated now.

Interestingly, Ullrich’s closing point was that information security professionals within organisations tend to get distracted by the threat of the day, which means they are not necessarily paying enough attention to doing the basics.

He reiterated what many security industry experts have been saying for at least the past year, that many organisations have yet to achieve proper defence in depth. Many are typically not using alternatives to passwords as an authentication method, and those still using passwords only, are typically not changing those passwords regularly.

Ullrich’s parting shot was: “Above all, ensure you know what you have on your network so you will be able to identify what should not be there.”


Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

I would like to get across my appreciation for your kind-heartedness giving support to those people that must have guidance on this one subject matter. Your very own commitment to getting the message across appeared to be amazingly valuable and has empowered most people just like me to achieve their objectives. Your entire interesting key points entails a lot a person like me and especially to my office workers. Many thanks; from each one of us.
My wife and i ended up being so joyful that John managed to finish off his investigation with the precious recommendations he made from your very own site. It's not at all simplistic just to choose to be releasing secrets which usually many people could have been trying to sell. And we also understand we have the writer to appreciate for this. The entire explanations you've made, the simple blog menu, the friendships you aid to promote - it is mostly superb, and it is aiding our son in addition to the family reckon that this theme is fun, which is certainly really pressing. Thank you for the whole lot!